{{ ansible_managed | comment }}

auto lo
iface lo

{% macro iface_common(iface, index=None) %}
{% for address in iface.addresses | default([]) %}
address {{ address | ansible.utils.ipaddr }}
{% endfor %}
{% for gateway in iface.gateways | default([]) %}
gateway {{ gateway | ansible.utils.ipaddr }}
{% endfor %}
{% if iface.forward | default(false) %}
ip-forward yes
ip6-forward yes
{% endif %}
{% if iface.goto_table is defined %}
{% set prio = ifupdown2__prio_base + 3 * index %}
pre-up ip rule add prio {{ prio }} iif $IFACE table local
pre-up ip rule add prio {{ prio + 1 }} iif $IFACE table {{ iface.goto_table }}
pre-up ip rule add prio {{ prio + 2 }} iif $IFACE blackhole
post-down ip rule del prio {{ prio }} iif $IFACE table local
post-down ip rule del prio {{ prio + 1 }} iif $IFACE table {{ iface.goto_table }}
post-down ip rule del prio {{ prio + 2 }} iif $IFACE blackhole
{% endif %}
{% if iface.vrf is defined %}
vrf {{ iface.vrf }}
{% endif %}
{% if iface.ipv6_addrgen is defined %}
ipv6-addrgen {{ iface.ipv6_addrgen
                | ternary("yes", "no") }}
{% endif %}
{% endmacro %}

{% set index = 1 %}

{% for name, iface in ifupdown2__interfaces.items() %}
{% set index = index + 4 %}
auto {{ name }}
iface {{ name }}
    {{ iface_common(iface, index) | indent(4) }}
{% if iface.bridge_ports is defined %}
    bridge-ports {{ iface.bridge_ports | join(" ") }}
{% endif %}
{% if iface.bridge_vlan_aware is defined %}
    bridge-vlan-aware {{ iface.bridge_vlan_aware
                         | ternary("yes", "no") }}
{% endif %}
{% if iface.bridge_vids is defined %}
    bridge-vids {{ iface.bridge_vids | join(",") }}
{% endif %}
{% if iface.vlan_id is defined %}
    vlan-id {{ iface.vlan_id | int }}
{% endif %}
{% if iface.vlan_raw_device is defined %}
    vlan-raw-device {{ iface.vlan_raw_device }}
{% endif %}
{% if iface.bridge_disable_pvid | default(false) %}
    bridge-pvid 0
    post-up bridge vlan del dev {{ name }} vid 1 self
{% endif %}

{% endfor %}

{% for name, iface in ifupdown2__wireguard.items() | sort(attribute="0") %}
{% set index = index + 4 %}
auto {{ name }}
iface {{ name }}
    link-type wireguard
    {{ iface_common(iface, index) | indent(4) }}
    pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
{% for address in iface.peer_allowed_addresses | default([]) %}
    post-up ip route add {{ address }} proto {{ ifupdown2__wireguard_proto }} \
        table {{ iface.table | default("main") }} dev $IFACE
{% endfor %}
{% endfor %}

{% for name, iface in ifupdown2__vrf.items() | sort(attribute="0") %}
{% set index = index + 4 %}
auto {{ name }}
iface {{ name }}
    {{ iface_common(iface, index) | indent(4) }}
    vrf-table {{ iface.table }}
{% endfor %}